How to maintain PCI compliance on a LAMP server when repositories don't keep up with versions

Posted by Jared Green on Server Fault See other posts from Server Fault or by Jared Green
Published on 2012-10-14T22:47:06Z Indexed on 2012/10/15 3:42 UTC
Read the original article Hit count: 452

Filed under:
|
|
|

We run Ubuntu Lucid 10.0.4 as the foundation of our LAMP environment. We are trying to become PCI compliant so that we can pass CC info through our server. We have run some third-party scans on our servers to begin the certification process and have run into errors regarding PHP 5 versions and Apache versions. The latest PHP version hosted in our official lucid repository is about 10 versions lower than what PCI compliance requires.

How do we upgrade to stay current with PCI compliance requirements?

We need to get from php 5.3.2 to php 5.3.15

As well as up to apache 2.2.23

I've searched far and wide for an answer and haven't come up with a realistic answer. Some recommend compiling manually - which sounds like a nightmare, and others recommend a PPA - which sounds insecure. What should we do?

© Server Fault or respective owner

Related posts about php

Related posts about repository